Requesting Code Review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The subagent template interpolates untrusted data from implementation descriptions and requirements, which constitutes an indirect prompt injection surface.
  - Ingestion points: Placeholders such as `{WHAT_WAS_IMPLEMENTED}` and `{PLAN_OR_REQUIREMENTS}` in `references/code-reviewer-template.md`.
  - Boundary markers: Absent; untrusted inputs are not delimited by specific markers or XML tags.
  - Capability inventory: The subagent is instructed to execute shell commands (`git diff`) and provide assessments on production readiness.
  - Sanitization: No input sanitization or validation logic is specified to prevent malicious instructions within the requirements text.
- [COMMAND_EXECUTION] (LOW): The skill assembles shell commands dynamically using placeholders for git SHAs, which could lead to command injection if variables are populated with unvalidated strings.
  - Evidence: `git diff --stat {BASE_SHA}..{HEAD_SHA}` and `git diff {BASE_SHA}..{HEAD_SHA}` in `references/code-reviewer-template.md`.
  - Risk: While intended for git SHAs, if these placeholders are filled with strings containing shell metacharacters (e.g., semicolons or pipes), they could trigger arbitrary command execution.
Audit Metadata